This article's supposed bombshell conclusion is that XRP is not needed for Ripple's payment technology to be useful to Ripple's customers. That is actually a succinct statement of Ripple's strategy and to paint it as a negative is somewhat ridiculous.

When a server makes requests from you, you "charge" it. If the server exceeds its "credit limit", it is disconnected. If needed, the IP address is banned for a period of time. Connection attempts during the ban cause the ban to be extended. Servers in a cluster "gossip" about IP addresses that have put heavy server or client load on them and ban them from the cluster.
I have no heard any reports of this mechanism being insufficient to protect servers from abuse.

To my knowledge, nobody at Poloniex has ever reached out to us. We have contacted them several different ways to offer advice, security reviews, and the like. We have not heard back, at least not as far as I know.

As I've argued elsewhere, I'm becoming more and more convinced that the entire way we regulate financial institutions in the United States no longer makes any sense. We got to where we are by putting a series of band aids and fixes to completely change the system over time and we wound up with a Frankenstein's monster of pieces that don't fit together.
This is probably the best article I've written on the subject: https://steemit.com/politics/@joelkatz/the-war-on-cash
But I need to make a longer version that makes my core argument more clearly. The core idea is this:
We now regulate the movement of money by holding FIs liable if they knew, or should have known, that a transaction they facilitated laundered money or financed terrorism.
This is objectively an idiotic idea. It's as idiotic as fighting terrorism by holding restaurants and grocery stores liable if they knew, or should have known, that they sold food to a terrorist.
We want to put terrorists in the US, or those who send them money, in jail for aiding terrorism. We don't want to push them to the fringes of the financial system where it's harder to see what they're doing.
Also, that would be a massive rights violation. If someone is suspected of being a terrorist (maybe because they spoke out against an evil country and they added them to a watchlist in retaliation) they now can't buy food. How can that be Constitutional?

If you have access to a machine with npm and node, do this:
1) Create a new directory. Go into it.
2) Create a filed called "coldwallet.js" with the following contents:
3) Type "npm install ripple-keypairs". An error about a missing manifest is normal. Now type "node coldwallet.js" to generate a cold wallet. The output will look like this:
4) Run it a few times and make sure you get different output each time. If paranoid, you can test one of the secrets in an online or desktop wallet to make sure you get the matching Ripple address back. Don't use that one, of course.

Sure. But you can't reverse the intermediary payments to market makers. Consider a hypothetical:
They payment is USD->MXN. So internally, there's a USD->XRP transfer and an XRP->MXN transfer. These transfers are irreversible. So if, for example, the MXN can't be accepted at the destination for some reason, you can reverse the entire payment. You'll pay four spreads (two each way) but the loss will be comparable to the losses associated with similar failures today.
So, yes, you can ask the Mexican partner to return the MXN. But that only works if you got the right number of MXN out the other end.
If, for example, the XRP was sent to the wrong address or one of the rates for the two halves of the transfer was way off what the rate should have been, there is an irrecoverable loss. Similarly, if for some reason the USD->XRP transfer succeeds but there's slippage on the XRP->MXN side, you have to handle that properly.
There are a variety of complex failure cases that the software must sanely report and handle before you can trust it to move large amounts of money without constant human intervention.

The first time you deposit to Poloniex, they will take about 20.5 XRP from your deposit to fund a pointless extra wallet on the ledger. This also makes their deposit process take about three times longer than it should.

Probably the best way is to make sure that Nik, myself, or someone else at Ripple reports that they've passed it to our legal/fraud contact in the company. Unfortunately, dealing with these things often takes longer than we'd like, but we do get them removed. They do pop back up though.
I reported wallet-ripple.com and xrp-storage.com to our BSA/investigation team at around 10PM on November 15th when I first heard about it. They acknowledged the following morning. By close of business that day, seven hours after my report, they had already started sending notices.

Not yet. The thing that came the closest to getting me in trouble was this:
https://steemit.com/politics/@joelkatz/the-war-on-cash
I still think it's probably the best thing I've ever written and really need to make a longer version to make my key argument even more explicit.

I wish I could, but I don't think there's any more information that I can release. It gets very close to releasing information about specific partnerships, which I cannot do without the consent of the partner. In one of the earlier posts, I implied something that's not exactly right, and I can't untangle it without releasing information I can't release. So I kind of got too close to that line already.
There are other partners using or testing xRapid. But Cuallix is the only one that we have announced yet.

I think we're right at that critical point now where we are starting to pivot some customers to XRP for some corridors. We have enough adoption now and enough value and liquidity in XRP that that's realistic. Cuallix is, so far, the only announced partnership of this type. The main limiting factor right now is everyone having enough confidence that the system is going to work correctly that they're willing to flip the switch and let it make large, irreversible payments without intervention. This means, for example, correctly handling a large variety of failure/error cases which, though unlikely, must be properly handled in a production system. Fortunately, we went through a very similar process with xCurrent.

RippleNet is sort of agnostic to how the money moves. You can use traditional correspondent banking. You can use a RippleNet member that has the reach you need (like EarthPort). Or you can use XRP. Right now, most destinations are not reachable through XRP, so you still need nostro/vostro accounts or you need to use a partner that has them.
This is kind of our two-phase plan. The lack of XRP liquidity does not prevent people from getting value from RippleNet. So we can continue to build the network and find the corridors where XRP liquidity can really make a difference and then incentivize liquidity in those corridors. We can also focus on corridors where there's already XRP liquidity by targeting partners who have payments there.
See here if you haven't seen it already: https://ripple.com/solutions/source-liquidity/

I think we would do that if we had to. But it's very dangerous. You want an FI to commit and to spend their own money so they're motivated to get as much out of it as possible. We can't work with everyone at once, so being willing to spend money acts as a good way to select those institutions that really are committed to making it work.
As I said, I don't think we'd let this be an obstacle to something really good though. If an FI couldn't hold XRP or couldn't tolerate the volatility or had some other obstacle and there was some way we could make that obstacle go away, we would if we had to. This is Ripple's secret weapon -- we have that large stash of XRP that we can use to incentivize where it's needed.

I do believe that people have a right to know and understand what Ripple's prospects are and what the risks are. I see a lot of people focusing on what I think are the wrong risks. For example, I don't think Bitcoin and Swift are really potential competitors because neither of them is trying to do what Ripple's doing. (Ripple is much more harmed by bad things happening to bitcoin than good things.) I could be wrong about that, of course, but that's my view.
When I say "who knows", what I mean is that I don't know of any specific reason or way that this particular risk would materialize. But these are the ones that I worry the most about and these are the ones I'm actively trying to make sure we avoid.
I try as hard as I can to be honest about both our strengths and our weaknesses because the long term health of both the company and the XRP market is important to me.
Oh, and as for:
I don't think that's something to worry about. Once they're using our software, there are no technical obstacles to using XRP. If we can make it save more money, I can't imagine banks turning it down. Of course, if we can't make it save banks money or improve their payment flows, they won't use it -- but that's on us, not the banks.

The experts we have used to design our programmatic sales system tell us that a 20 basis point net sales preference should have only a negligible effect on the price. Our programmatic sales is not part of any intentional attempt to stabilize or depress the price.
I'm hardly an expert on this subject, but I admit that I do find it somewhat difficult to believe that the effect on price is negligible. That just doesn't seem intuitively right to me. However, my own back of the envelope math suggests that the price is probably about one cent lower now than it would have been had Ripple stopped its programmatic sales one year ago. Again, I'm not an expert, but it seems reasonable to re-compute the market cap with and without the XRP that Ripple has released. And this gives you less than 2 cents a year. And it ignores two ways Ripple's sales can put upward pressure on the price:
1) When Ripple releases XRP, the overhang of XRP Ripple can release in the future is reduced. This overhang is, presumably, priced in now, so reducing it puts at least some upward pressure on the price.
2) When Ripple gets cash for XRP, that increases Ripple's ability to execute on its plans for XRP. If the probability of Ripple's successful execution of its XRP strategy is part of the price of XRP, then growth in Ripple's war chest should put upward pressure on the price.
But, as I've said at least twice already, I'm not an economist or an expert on economics. We do have such people involved in our XRP strategy.

You're welcome. It's kind of randomish when I sleep. Generally, during the week I get very little sleep and then I binge sleep on the weekends. I'm told that's not possible for humans to do, but it seems to work for me. So ...

It can be done either way.
The exchange has to support some API for coordinating the operation, ideally ILP. The exchange has to have some way to easily move money between itself and the FI on its side of the payment. The FI has to trust the exchange to hold its money (or vice versa).
The FI either has to use xRapid or support ILP.
It can be done with a payment channel (for small payment), with escrow (for large payments or where there's no trust), or just with a regular XRP payment (where there's a small amount of trust and the payment size isn't enormous).

I think it's been changing and it's different things for different banks. Right now, there is a lot less resistance from FIs than you might think and it's going to come down to us being able to put together a package of products and services that works for them. We're finally at the point where we are starting to do that with XRP.

Fortunately, it's not nearly as hard as you might think. The payment looks like this:
1) Originator
2) Originating FI
3) Exchange that does the "to XRP" part
4) Exchange that does the "from XRP" part
5) Destination FI
6) Recipient
1, 2, and 3 are already in the same region. So there are no issues with them doing business with each other.
4, 5, and 6 are already in the same region. So, again, no issues there.
2 and 5 already know how to put together a compliant payment flow that crosses the two regulatory regions. They already ensure that 1, 2, 5, and 6 meet the regulatory requirements for both regions. So no issues here either.
3 knows that 2 is compliant with the regulations in its region. 3 knows who is receiving the fiat and who is supplying the XRP. 3 knows that 2 has ensured the compliance of 5 and 6.
4 knows who is receiving the XRP and who is supplying the fiat. 4 knows that 5 is compliant with the regulations for its region and has already ensured the compliance of 1 and 2.
This leaves shockingly few regulatory issues left. It turns out not to be nearly as difficult as you might imagine.

I thought so too, but looking at bitcoin, I'm becoming more and more confident that no incentive is necessary. One might be necessary in the short term just because XRP hasn't reached the mass bitcoin has. But I'm pretty confident one isn't needed in the long term.
Now, I know what you're thinking, how could I have learned this from bitcoin -- bitcoin incentivizes miners with bitcoins.
But think about it. Is bitcoin governance 100% in the hands of miners? Are they even the best agents in the space?
Users, developers, exchanges, wallet providers, and many other groups are participating in bitcoin governance too. And they don't get any special incentives. In fact, you could argue that the incentives provided to miners is a negative and makes community governance more difficult as the incentives become more and more misaligned.
So if people even go to the trouble to stand up to miners and push against their tremendous financial incentives without any special incentive, why should people need a special incentive to do the cheaper, simpler task of just running a damn validator?

Say you need to prove to me that your credentials are correct. You do it by giving me the 6 digit code. At the same time, I claim to be you. When asked for the six-digit code, I give the code you gave me. The code, of course, checks out.
So why is your key fob useful despite that trivial vulnerability? Because there is one, and only one, central authority that verifies that six digit code. But, of course, we're designing systems that don't have central authorities.
So we need a scheme that provides a verification that cannot be separated from the data it verifies and can be confirmed by any number of third parties that you don't trust.

Right now, we don't have a good quantum-resistant digital signature algorithm that's suitable for our use case. We could pick the least awful of the existing ones, but we'd be sacrificing a lot to get quantum resistance. And once we add an algorithm, we're pretty much stuck with it forever as removing it would lock people who were using it out of their accounts. So we'd prefer to wait as long as we safely can or until a new quantum-resistant digital signature algorithm is released that works well for our case.
If anyone knows of any quantum-resistant digital signature algorithms that they think would be suitable, please feel free to let me know. We care about signature verification time, signature size, public key size (unless the public key can be reliably derived from the signature), and reusability (same key must be safe to use for many signatures).

I would argue that you should store private information that only you care about in a database, not on a public ledger. But you could use the 8 least significant bits in the Expiration for this purpose. Presumably, you don't care about precisely when your offers expire.